[strongSwan] L2TP/IPSec Connect/Disconnect Problems

Noel Kuntze noel at familie-kuntze.de
Sun Oct 12 20:28:39 CEST 2014


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Hello Milen,

This is the strongswan mailing list, not the openswan one.
There is no guarantee that you will get help here.

Based on the third message in the log excerpt, I think you need to allow identical IDs
or give your users different credentials.

Mit freundlichen Grüßen/Regards,
Noel Kuntze

GPG Key ID: 0x63EC6658
Fingerprint: 23CA BB60 2146 05E7 7278 6592 3839 298F 63EC 6658

Am 12.10.2014 um 20:14 schrieb Milen Pankov:
> Hi,
>
> I have problems using l2tp/ipsec connections with openswan/xl2tp. Users
> using the connection frequently disconnect and after that cannot connect
> anymore. Here is a log example from a user that failed to connect after
> a disconnect:
>
> 2014-08-09 23:20:30: "l2tp"[2422] public_ip:4500 #2738: NAT-Traversal:
> received 2 NAT-OA. using first, ignoring others
> 2014-08-09 23:20:30: "l2tp"[2422] public_ip:4500 #2738: responding to
> Quick Mode
> 2014-08-09 23:20:30: "l2tp"[2422] public_ip:4500 #2738: cannot install
> eroute -- it is in use for "l2tp"[2419] public_ip:4500 #2735
> 2014-08-09 23:20:30: "l2tp"[2422] public_ip:4500: deleting connection
> "l2tp" instance with peer public_ip {isakmp=#0/ipsec=#0}
> 2014-08-09 23:20:32: "l2tp"[2419] public_ip:4500 #2734: Quick Mode I1
> message is unacceptable because it uses a previously used Message ID
> 0x02000000 (perhaps this is a duplicated packet)
> 2014-08-09 23:20:32: "l2tp"[2419] public_ip:4500 #2734: sending
> encrypted notification INVALID_MESSAGE_ID to public_ip:4500
> 2014-08-09 23:20:35: "l2tp"[2419] public_ip:4500 #2734: Quick Mode I1
> message is unacceptable because it uses a previously used Message ID
> 0x02000000 (perhaps this is a duplicated packet)
>
> Can you help me with this?
>
> Regards,
> Milen
> _______________________________________________
> Users mailing list
> Users at lists.strongswan.org
> https://lists.strongswan.org/mailman/listinfo/users

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2

iQIcBAEBCAAGBQJUOshXAAoJEDg5KY9j7GZY/iYP/il/A2/VdTBOsijUHEzvGjfQ
JpOBMB0pLbtUZoP7nztHbXmxB35jmu0b/epdCWos6aX9dn4mbs3NB/SMrKffvdvP
tH3SNiUYvxuyeXnz/3WnB76p0Z0dObVXB8Q9cI7ck9JFIi3f3nFYARhfOiK8Zgcc
KJt2rX7QOCe/CMyrbHyitatzUpdxeYvybt69KR0iefcdbbkCV9az9l9X66JCGFie
a/Klw5qqptX38+UpNM5vc3rmqf2sI0FdV3j27wEfRsrz29pdBGCn2NIyuG3sb8CH
jeTDCYpDg43BwSmn5whcF/5PituefTIHseG8je9OYKINAPg23f7SATnQX/6T6Row
psF20H1M0qMhGo2oiV6b2dLDRoTYcAGrHvAgEJpQvbcbmqGlaU9jqazjcz9y9R50
jHN2OkZOE/c4+rdxqVqNt4cigMIKFezO+llrpXlIEBsihGv5eUvwaUhexMjNrCbj
e+7c45GE3OHvmSKo/Ip1G4xEPNqGf5hYitVvCVeg7K4FCwwkmPnpyxh55a01SVcg
MypUmDANozIp7IPzFkK0JRxVkKpDg3PY+PuJlT4VMeVWSE9cAX+2PPY3v5p27M/l
tWfoLmm6LgyL3STGaNZ+2VIUAq2VWOnpYh/1qVNtGNJTwtEiB0rfrZ1G4ESsZV8Y
53/92DGNC2tNnR80hSiN
=LjVA
-----END PGP SIGNATURE-----



More information about the Users mailing list